Implementations of the claimed invention generally may relate to security verification and, more particularly, to preventing software modification via secure booting.
In certain applications, it may be desirable to prevent unauthorized modification of software, for example to protect high-value content and/or service provider revenue. One scheme that has been proposed to prevent such unauthorized modification is to “securely boot” from a trusted (e.g., assumed uncorrupted) source to ensure that software is not, and has not been, modified. Such secure booting may ensure data security by itself, or it may trigger subsequent verification in a so-called “chain of trust.”
One way to design a secure boot scheme may be for a processor to read trusted boot code from an external memory device, such as non-volatile, flash-type memory. Such boot code may reside, for example, in a one-time programmable (OTP) area of the external memory device. Such one-time programmability may prevent overwriting of the trusted boot code.
Such an external memory device, however, may be vulnerable to a replacement attack, where the external memory may be removed and replaced with a different memory device containing modified boot code.
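The following added example (not part of the patent text) models the chain of trust described above as a sequence of boot images in which each stage carries the digest of the next, and shows why a replacement attack succeeds when the root digest lives in the same external memory as the boot code but is detected at the first stage when the root digest is fixed inside the processor; the on-die anchor is an assumption of this illustration, and all firmware images are constructed stand-ins.

```python
import hashlib
from typing import List, Optional

DIGEST_LEN = 32

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_chain(stages: List[bytes]) -> List[bytes]:
    """Link boot stages: each image is its code followed by the digest of the
    next image (the final stage carries an all-zero terminator)."""
    images: List[bytes] = []
    next_digest = bytes(DIGEST_LEN)
    for code in reversed(stages):
        image = code + next_digest
        images.insert(0, image)
        next_digest = sha256(image)
    return images

def verify_chain(images: List[bytes], root_digest: bytes) -> Optional[int]:
    """Walk the chain as the processor would at boot. Returns None when every
    stage matches the digest its predecessor vouches for, otherwise the index
    of the first stage that fails verification."""
    expected = root_digest
    for i, image in enumerate(images):
        if sha256(image) != expected:
            return i
        expected = image[-DIGEST_LEN:]
    return None

# Constructed stand-ins for firmware stages (not real boot code).
GENUINE = [b"stage0: OTP boot code", b"stage1: loader", b"stage2: OS"]
MODIFIED = [b"stage0: OTP boot code", b"stage1: loader", b"stage2: OS (tampered)"]

def replacement_attack_outcomes() -> dict:
    """Compare where the root digest lives. If it sits in the replaceable
    external memory, a swapped device can carry a self-consistent chain; if it
    is held on-die (assumed design, not from the text) the swap is caught."""
    genuine_images = build_chain(GENUINE)
    genuine_root = sha256(genuine_images[0])
    swapped_images = build_chain(MODIFIED)      # self-consistent replacement device
    swapped_root = sha256(swapped_images[0])    # root digest as stored on that device
    tampered_last = genuine_images[:2] + [MODIFIED[2] + bytes(DIGEST_LEN)]
    return {
        "genuine_boots": verify_chain(genuine_images, genuine_root) is None,
        "root_in_external_memory_detects_swap": verify_chain(swapped_images, swapped_root) is not None,
        "root_on_die_detects_swap": verify_chain(swapped_images, genuine_root) == 0,
        "late_stage_tamper_index": verify_chain(tampered_last, genuine_root),
    }
```

Note that stage0's code bytes are identical on both devices; the swap is detected only because the on-die digest also covers the stage1 digest embedded in stage0, which the attacker had to rewrite.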